I've got ~15 VLANs with their L3 interfaces on my core switch stack. I'd like to prevent most of those VLANs from communicating with each other internally, but still allow them to get internet access via the switch's default route.
Is my only option a ton of deny rules in an extended ACL with an explicit permit at the end?
For example:
deny ip 10.1.13.0 0.0.0.255 10.1.11.0 0.0.0.255
deny ip 10.1.13.0 0.0.0.255 10.1.12.0 0.0.0.255
deny ip 10.1.13.0 0.0.0.255 10.1.14.0 0.0.0.255
... etc ...
deny ip 10.1.13.0 0.0.0.255 10.1.24.0 0.0.0.255
permit ip any any
Is there a more elegant way of doing this?
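One shorter form, as an added example that is not part of the original post: because every VLAN subnet listed (10.1.11.0 through 10.1.24.0) sits inside 10.1.0.0/16, a single summary deny with a 0.0.255.255 wildcard on both source and destination matches every inter-VLAN pair at once, and the same ACL can then be applied inbound on every SVI instead of maintaining one ~15-line ACL per VLAN. This assumes Cisco IOS/IOS-XE syntax, that nothing reachable only through the default route lives in 10.1.0.0/16, and a hypothetical shared-services subnet 10.1.1.0/24 (DNS, DHCP, etc.) that all VLANs must still reach; the ACL name and interface numbers are assumptions too.

```cisco
! Added example, not the original poster's configuration.
! Assumes: Cisco IOS/IOS-XE, all user VLANs inside 10.1.0.0/16,
! a shared-services subnet 10.1.1.0/24 (hypothetical) that stays reachable.
ip access-list extended BLOCK-INTER-VLAN
 remark exceptions first: shared services every VLAN may reach (assumed subnet)
 permit ip any 10.1.1.0 0.0.0.255
 remark one summary deny replaces every pair-wise deny line
 deny   ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
 remark everything else, i.e. traffic leaving via the default route
 permit ip any any
!
! The same ACL goes on every L3 VLAN interface, inbound from the hosts.
interface Vlan11
 ip access-group BLOCK-INTER-VLAN in
interface Vlan12
 ip access-group BLOCK-INTER-VLAN in
interface Vlan13
 ip access-group BLOCK-INTER-VLAN in
!
! Check which entries are hit:
! show ip access-lists BLOCK-INTER-VLAN
```

Two caveats worth checking before rolling this out. First, the summary deny also matches a host talking to its own SVI address (for example a host in VLAN 13 pinging 10.1.13.1), since that traffic is routed to the switch and is evaluated by the inbound ACL; if that matters, put a `permit ip any host 10.1.13.1` ahead of the deny, which means one short ACL per VLAN again, but still only three or four lines each rather than fifteen. Second, traffic between two hosts in the same VLAN is switched at layer 2 and never consults the SVI ACL, so this only controls traffic that crosses VLANs or leaves the site, which is what the question asks for.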